After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.

Details follow:

Liu Die Yu discovered an information disclosure vulnerability in Firefox when using saved .url shortcut files. If a user were tricked into downloading a crafted .url file and a crafted HTML file, an attacker could steal information from the user's cache. (CVE-2008-4582)

Georgi Guninski, Michal Zalewski and Chris Evans discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user's computer. This issue only affects Firefox 2. (CVE-2008-5012)

It was discovered that Firefox did not properly check if the Flash module was properly unloaded. By tricking a user into opening a crafted SWF file, an attacker could cause Firefox to crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5013)

Jesse Ruderman discovered that Firefox did not properly guard locks on non-native objects. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5014)

Several problems were discovered in the browser, layout and JavaScript engines. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5016, CVE-2008-5017, CVE-2008-5018)

David Bloom discovered that the same-origin check in Firefox could be bypassed by utilizing the session restore feature. An attacker could exploit this to run JavaScript in the context of another site or execute arbitrary JavaScript code with chrome privileges. (CVE-2008-5019)

Justin Schuh discovered a flaw in Firefox's mime-type parsing. If a user were tricked into opening a malicious website, an attacker could send a crafted header in the HTTP index response, causing a browser crash and executing arbitrary code with user privileges. (CVE-2008-0017)

A flaw was discovered in Firefox's DOM constructing code. If a user were tricked into opening a malicious website, an attacker could cause the browser to crash and potentially execute arbitrary code with user privileges. (CVE-2008-5021)

It was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker could execute JavaScript in the context of a different website. (CVE-2008-5022)

Collin Jackson discovered various flaws in Firefox when processing stylesheets which allowed JavaScript to be injected into signed JAR files. If a user were tricked into opening malicious web content, an attacker could execute arbitrary code with the privileges of the signed JAR or of a different website. (CVE-2008-5023)

Chris Evans discovered that Firefox did not properly parse E4X documents, leading to quote characters in the namespace not being properly escaped. (CVE-2008-5024)